% !TEX root = main.tex

\section{Introduction}
\label{sec:introduction}

% Outline: information security is an important issue
Information security is a significant issue in computer science and it keeps
attracting researchers and engineers' interest since decades
\cite{ms:sec-dev-lifecycle}. In traditional software development process,
security concerns are often considered late in the development lifecycle.
However, it is well-known that the cost of eliminating design errors, including
security flaws, increases dramatically the later they are discovered and fixed
\cite{vanWyk:2005:BGS:1092708.1092755}. Furthermore, Separation of Concerns
(\soc) is nowadays becoming a well-accepted design principle in computer
science: it consists in dividing a system into distinct features (aspects) that
are ideally loosely coupled, \ie their functionalities minimally overlap
\cite{springerlink:10.1007/978-3-642-16086-8-8}. Security is one of these
aspects: security concerns are clearly orthogonal to other application
functionalities, even though they cross many of them
\cite{10.1201/9781420068429-c14}.

% Outline: Model Driven Security is an emerging and promising approach to deal
% with security concerns
\emph{Model Driven Security} (\mds) emerged in the last decade as a specialized
Model-Driven Engineering (\mde) approach: it elects models and transformations
as primary artifacts for each software development stage. By manipulating
models, engineers gain a higher level of abstraction compared to code. \mds
applies this approach to security. Several outcomes are expected. First, \soc
directly enables separation of development: it becomes possible to delegate each
concern to dedicated specialists instead of mixing them within the same
development process. Second, having security issues separated improves
portability along several versions of the business functionalities. Third, being
modeled at a higher level than the final target platform and independently from
business functionalities, this enables platform independence, as well as
cross-platform interoperability. Security experts can therefore focus on
security-related issues instead of dealing with technical problems for
integrating them within system infrastructure.

% Outline: Inadequacies in the status-quo; Reasoning evolution of MDS; Proposed
% solution: MDS with heterogeneity;
In this exploratory paper, we first explore several \mds definitions and propose
a \emph{Y-Model} as a generic paradigm to evaluate various \mds methodologies in
literature. Then we analyze the capabilities and drawbacks of these \mds
methodologies in accordance with the proposed Y-Model. A comparison table
follows the analysis summarizes the inadequacies of these \mds methodologies
comparing with the general objective of \mds. Furthermore, we reason about
evolution process of \mds in the last decade based on the features of the
evaluated \mds methodologies. To manage the increasing need for modeling
different security aspects, we then propose an enriched Y-Model in a way that
leverages on multi-formalism modeling based on the trend we extrapolated for our
analysis of \mds evolution. The advanced Y-Model presents a possible future
evolution direction of \mds which is able to deal with \emph{heterogeneity} in
modeling and analyzing different security concerns. Finally we also explore
expected advantages and sketch possible drawbacks of our proposed heterogeneous
\mds direction.

% Outline: Paper organization
The remaining part of this exploratory paper is structured as follows: \sect
\ref{sec:mds} explores various definitions of \mds and proposes a \emph{Y-Model}
as an evaluation schema incorporating common characteristics extracted from
those definitions; \sect \ref{sec:evaluation} evaluates various existing \mds
methodologies in the literature according to the Y-Model paradigm and discusses
the modeling and security analysis capabilities and drawbacks of these
methodologies; \sect \ref{sec:heterogeneity} discusses the evolution trend of
\mds and proposes an initial conceptual model for future \mds with
heterogeneity; \sect \ref{sec:conclusion} closes with some concluding remarks.



%In Section \ref{sec:concept}, we explore various definitions for \mds proposed
%during the last decade, to extract a common skeleton paradigm, the \emph{Y-Model}. This paradigm is evaluated against several \mds approaches in Section \ref{sec:y-process}, where we show how five already existing \mds approaches fit into it. In Section \ref{sec:heterogeneity}, we extract general trends in the use of these \mds approaches in three aspects: how business and security concerns are modeled; how security concerns are internally analyzed and validated; and how platform infrastructure is generated from models for business and security. This promotes us to enrich the Y-Model with \emph{heterogeneity}, which is, in our opinion, a good candidate for a standard \mds paradigm. Section \ref{sec:heterogeneity} also analyzes the advantages and drawbacks of an evolved heterogeneous Y-Model. Section \ref{sec:conclusion} closes with some concluding remarks.




